From 8a232783c3444677eb1faa3048123dda21767094 Mon Sep 17 00:00:00 2001
From: glebius <glebius@FreeBSD.org>
Date: Tue, 17 May 2016 22:28:27 +0000
Subject: - Use unsigned version of min() when handling arguments of SETFKEY
 ioctl. - Validate that user supplied control message length in sendmsg(2)  
 is not negative.

Security:	SA-16:18
Security:	CVE-2016-1886
Security:	SA-16:19
Security:	CVE-2016-1887
Submitted by:	C Turt <cturt hardenedbsd.org>
Approved by:	so
---
 UPDATING | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'UPDATING')

diff --git a/UPDATING b/UPDATING
index f6a5f2a..2a1249e 100644
--- a/UPDATING
+++ b/UPDATING
@@ -16,6 +16,13 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20160517	p3	FreeBSD-SA-16:18.atkbd
+			FreeBSD-SA-16:19.sendmsg
+
+	Fix buffer overflow in keyboard driver. [SA-16:18]
+
+	Fix incorrect argument handling in sendmsg(2). [SA-16:19]
+
 20160504	p2	FreeBSD-SA-16:17.openssl
 			FreeBSD-EN-16:06.libc
 			FreeBSD-EN-16:07.ipi
-- 
cgit v1.1